简单的登录验证可以通过Session或者Cookie实现,具体如下:
一、利用Session实现登录验证
1、自定义HandlerInterceptor
public class LoginInterceptor implements HandlerInterceptor {
@Override
public void afterCompletion(HttpServletRequest request,
HttpServletResponse response, Object obj, Exception err)
throws Exception {
}
@Override
public void postHandle(HttpServletRequest request, HttpServletResponse response,
Object obj, ModelAndView mav) throws Exception {
}
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response,
Object obj) throws Exception {
//获取session里的登录状态值
String str = (String) request.getSession().getAttribute("isLogin");
//如果登录状态不为空则返回true,返回true则会执行相应controller的方法
if(str!=null){
return true;
}
//如果登录状态为空则重定向到登录页面,并返回false,不执行原来controller的方法
response.sendRedirect("/loginPage");
return false;
}
}
2、编写Controller,实现登录登出
@Controller
@RequestMapping("")
public class BackendController {
@RequestMapping(value = "/login", method = {RequestMethod.POST})
public String login(HttpServletRequest request,RedirectAttributes model, String name, String password){
//验证账号密码,如果符合则改变session里的状态,并重定向到主页
if ("xxx".equals(name)&&"123456".equals(password)){
request.getSession().setAttribute("isLogin","yes");
return "redirect:IndexPage";
}else {
//密码错误则重定向回登录页,并返回错误,因为是重定向所要要用到RedirectAttributes
model.addFlashAttribute("error","密码错误");
return "redirect:loginPage";
}
}
//登出,移除登录状态并重定向的登录页
@RequestMapping(value = "/loginOut", method = {RequestMethod.GET})
public String loginOut(HttpServletRequest request) {
request.getSession().removeAttribute("isLogin");
return "redirect:loginPage";
}
}
2、利用Cookie实现登录验证
如果想登录状态退出浏览器后仍保留一段时间的可以将Session改为Cookie。
1、自定义HandlerInterceptor
public class LoginInterceptor implements HandlerInterceptor {
@Override
public void afterCompletion(HttpServletRequest request,
HttpServletResponse response, Object obj, Exception err)
throws Exception {
}
@Override
public void postHandle(HttpServletRequest request, HttpServletResponse response,
Object obj, ModelAndView mav) throws Exception {
}
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response,
Object obj) throws Exception {
// 获取request的cookie
Cookie[] cookies = request.getCookies();
if (null==cookies) {
System.out.println("没有cookie==============");
} else {
// 遍历cookie如果找到登录状态则返回true执行原来controller的方法
for(Cookie cookie : cookies){
if(cookie.getName().equals("isLogin")){
return true;
}
}
}
// 没有找到登录状态则重定向到登录页,返回false,不执行原来controller的方法
response.sendRedirect("/loginPage");
return false;
}
}
2、编写Controller层代码实现登录登出
@Controller
@RequestMapping("")
public class BackendController {
@RequestMapping(value = "/loginPage", method = {RequestMethod.GET})
public String loginPage(HttpServletRequest request, String account, String password) {
return "login";
}
@RequestMapping(value = "/login", method = {RequestMethod.POST})
public String login(HttpServletRequest request, HttpServletResponse response, RedirectAttributes model, String name, String password) {
if ("xxx".equals(name) && "123456".equals(password)) {
Cookie cookie = new Cookie("isLogin", "yes");
cookie.setMaxAge(30 * 60);// 设置为30min
cookie.setPath("/");
response.addCookie(cookie);
return "redirect:IndexPage";
} else {
model.addFlashAttribute("error", "密码错误");
return "redirect:loginPage";
}
}
@RequestMapping(value = "/logOut", method = {RequestMethod.GET})
public String loginOut(HttpServletRequest request, HttpServletResponse response) {
Cookie[] cookies = request.getCookies();
for (Cookie cookie : cookies) {
if (cookie.getName().equals("isLogin")) {
cookie.setValue(null);
cookie.setMaxAge(0);// 立即销毁cookie
cookie.setPath("/");
response.addCookie(cookie);
break;
}
}
return "redirect:loginPage";
}
}
另外,无论基于Session还是Cookie的登录验证都需要对HandlerInteceptor进行配置,增加对URL的拦截过滤机制。